Pinned Repositories
demos
Demos of various injection techniques found in malware
dll_to_exe
Converts a DLL into an EXE
exe_to_dll
Converts an EXE into a DLL
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
libpeconv
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
malware_training_vol1
Materials for Windows Malware Analysis training (volume 1)
pe-bear
Portable Executable reversing tool with a friendly GUI
pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
pe_to_shellcode
Converts PE into a shellcode
tiny_tracer
A Pin Tool for tracing API calls, etc.
hasherezade's Repositories
hasherezade/pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
hasherezade/pe-bear
Portable Executable reversing tool with a friendly GUI
hasherezade/pe_to_shellcode
Converts PE into a shellcode
hasherezade/hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
hasherezade/malware_training_vol1
Materials for Windows Malware Analysis training (volume 1)
hasherezade/tiny_tracer
A Pin Tool for tracing API calls, etc.
hasherezade/exe_to_dll
Converts an EXE into a DLL
hasherezade/libpeconv
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
hasherezade/mal_unpack
Dynamic unpacker based on PE-sieve
hasherezade/bearparser
Portable Executable parsing library (from PE-bear)
hasherezade/ida_ifl
IFL - Interactive Functions List (plugin for IDA Pro)
hasherezade/malware_analysis
Various snippets created during malware analysis
hasherezade/process_overwriting
Yet another variant of Process Hollowing
hasherezade/thread_namecalling
Process Injection using Thread Name
hasherezade/waiting_thread_hijacking
Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
hasherezade/masm_shc
A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
hasherezade/mal_unpack_drv
MalUnpack companion driver
hasherezade/crypto_utils
Set of my small utils related to cryptography, encoding, decoding, etc.
hasherezade/pin_n_sieve
An experimental dynamic malware unpacker based on Intel Pin and PE-sieve
hasherezade/paramkit
A small library helping to parse commandline parameters (for C/C++)
hasherezade/hidden_bee_tools
Parser for the custom executable formats from Hidden Bee and Rhadamanthys malware
hasherezade/libpeconv_tpl
A ready-made template for a project based on libpeconv.
hasherezade/flareon2024
hasherezade/sig_finder
Signature finder (from PE-bear)
hasherezade/flareon2023
hasherezade/detours_cmake_tpl
A CMake template for projects using MS Detours
hasherezade/hasherezade.github.io
My projects' homepage
hasherezade/IAT-Tracer
An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (.tag) files.
hasherezade/bearparser_tests
External tests for bearparser
hasherezade/View8
View8 - Decompiles serialized V8 objects back into high-level readable code.